GNU C Library master sources branch master updated. glibc-2.21-112-g6909d27
- From: ppluzhnikov at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 24 Feb 2015 16:06:58 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.21-112-g6909d27
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 6909d2767580b680138a6aa49aabf4976770e9f6 (commit)
from 65f6f938cd562a614a68e15d0581a34b177ec29d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6909d2767580b680138a6aa49aabf4976770e9f6
commit 6909d2767580b680138a6aa49aabf4976770e9f6
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Tue Feb 24 08:05:34 2015 -0800
Fix BZ #17916 - fopen unbounded stack usage for ccs= modes
diff --git a/ChangeLog b/ChangeLog
index 59a1571..c306867 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-24 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #17916]
+ * libio/fileops.c (_IO_new_file_fopen): Limit stack use
+ * libio/tst-fopenloc.c (do_test, do_bz17916): Add a large ccs= test
+
2015-02-24 Eric Rannaud <e@nanocritical.com>
[BZ #17523]
diff --git a/NEWS b/NEWS
index bd95e74..3f005fe 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.22
* The following bugs are resolved with this release:
4719, 14841, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17523,
- 17569, 17588, 17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965,
- 17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999.
+ 17569, 17588, 17792, 17836, 17912, 17916, 17932, 17944, 17949, 17964,
+ 17965, 17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999.
* Character encoding and ctype tables were updated to Unicode 7.0.0, using
new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
diff --git a/libio/fileops.c b/libio/fileops.c
index 297b478..2427320 100644
--- a/libio/fileops.c
+++ b/libio/fileops.c
@@ -353,7 +353,15 @@ _IO_new_file_fopen (_IO_FILE *fp, const char *filename, const char *mode,
struct gconv_fcts fcts;
struct _IO_codecvt *cc;
char *endp = __strchrnul (cs + 5, ',');
- char ccs[endp - (cs + 5) + 3];
+ char *ccs = malloc (endp - (cs + 5) + 3);
+
+ if (ccs == NULL)
+ {
+ int malloc_err = errno; /* Whatever malloc failed with. */
+ (void) _IO_file_close_it (fp);
+ __set_errno (malloc_err);
+ return NULL;
+ }
*((char *) __mempcpy (ccs, cs + 5, endp - (cs + 5))) = '\0';
strip (ccs, ccs);
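Review bot: The size passed to `malloc (endp - (cs + 5) + 3)` keeps a `+ 3` that nothing in this hunk explains; presumably it leaves room for whatever `strip (ccs, ccs)` may append plus the terminator, which is worth confirming and writing down now that the buffer is managed by hand. I would add a comment above the allocation such as `/* The charset name is taken from the caller's mode string and has no length bound, so it must not live on the stack.  */`. The buffer is released on two separate paths (the EINVAL return and the `free (ccs)` added in the next hunk), so an early return added between them later would leak it. The body of `_IO_new_file_fopen` starts and ends outside the hunk.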
@@ -365,10 +373,13 @@ _IO_new_file_fopen (_IO_FILE *fp, const char *filename, const char *mode,
This means we cannot proceed since the user explicitly asked
for these. */
(void) _IO_file_close_it (fp);
+ free (ccs);
__set_errno (EINVAL);
return NULL;
}
+ free (ccs);
+
assert (fcts.towc_nsteps == 1);
assert (fcts.tomb_nsteps == 1);
diff --git a/libio/tst-fopenloc.c b/libio/tst-fopenloc.c
index 1336023..48c2d3b 100644
--- a/libio/tst-fopenloc.c
+++ b/libio/tst-fopenloc.c
@@ -24,10 +24,36 @@
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
+#include <sys/resource.h>
static const char inputfile[] = "../iconvdata/testdata/ISO-8859-1";
+static
+int do_bz17916 (void)
+{
+ /* BZ #17916 -- check invalid large ccs= case. */
+ struct rlimit rl;
+ getrlimit (RLIMIT_STACK, &rl);
+ rl.rlim_cur = 1024 * 1024;
+ setrlimit (RLIMIT_STACK, &rl);
+
+ const size_t sz = 2 * 1024 * 1024;
+ char *ccs = malloc (sz);
+ strcpy (ccs, "r,ccs=");
+ memset (ccs + 6, 'A', sz - 6 - 1);
+ ccs[sz - 1] = '\0';
+
+ FILE *fp = fopen (inputfile, ccs);
+ if (fp != NULL)
+ {
+ printf ("unxpected success\n");
+ return 1;
+ }
+ free (ccs);
+
+ return 0;
+}
static int
do_test (void)
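Review bot: In `do_bz17916` the results of `getrlimit` and `setrlimit` are ignored, so if the 1 MiB stack limit is not actually applied the test can pass without exercising the unbounded-stack case it was written for. The `malloc (sz)` result is also handed straight to `strcpy` without a NULL check. Smaller points in the same function: the failure branch returns without `free (ccs)` or closing `fp`, and the message reads "unxpected". The fence shows the checked setup; whether a failed `setrlimit` should fail the test or mark it unsupported is for the maintainers to decide.

```c
  struct rlimit rl;
  if (getrlimit (RLIMIT_STACK, &rl) != 0)
    {
      printf ("getrlimit failed\n");
      return 1;
    }
  rl.rlim_cur = 1024 * 1024;
  if (setrlimit (RLIMIT_STACK, &rl) != 0)
    {
      printf ("setrlimit failed\n");
      return 1;
    }

  const size_t sz = 2 * 1024 * 1024;
  char *ccs = malloc (sz);
  if (ccs == NULL)
    {
      printf ("malloc failed\n");
      return 1;
    }
  /* … unchanged: fill in "r,ccs=AAA…" and call fopen … */
```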
@@ -57,7 +83,7 @@ do_test (void)
fclose (fp);
- return 0;
+ return do_bz17916 ();
}
#define TEST_FUNCTION do_test ()
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 4 ++--
libio/fileops.c | 13 ++++++++++++-
libio/tst-fopenloc.c | 28 +++++++++++++++++++++++++++-
4 files changed, 47 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources